COMPREHENSIVE AND TECHNICAL RISK ANALYSIS
Added on 2023-04-26
11 Pages3206 Words245 Views
|
|
|
Running head: COMPREHENSIVE AND TECHNICAL RISK ANALYSIS
Comprehensive and Technical Risk Analysis
Name of the Student
Name of the University
Author Note
Comprehensive and Technical Risk Analysis
Name of the Student
Name of the University
Author Note
1COMPREHENSIVE AND TECHNICAL RISK ANALYSIS
Executive Summary
Before implementing a technological system it is necessary that an organization go through
risk analysis process to find out if there have been any impending threats in the system or the
operational processes of the organization. This one's for the make sure that proper decision is
taken against those risks based on their priority and proper responsible people are appointed
to mitigate those risks. In the same way in this key is also the small scale software company
is analyzed for finding out any threats impending within the operations of the organization
about the risks in information technology for the organization. This would be done in several
processes by finding out the rationale for the risk assessment process and identification and
discussion of the key threats. Furthermore the mitigation of the key threads would be
identified followed by the impact on the organization and the stakeholders associated with it.
Executive Summary
Before implementing a technological system it is necessary that an organization go through
risk analysis process to find out if there have been any impending threats in the system or the
operational processes of the organization. This one's for the make sure that proper decision is
taken against those risks based on their priority and proper responsible people are appointed
to mitigate those risks. In the same way in this key is also the small scale software company
is analyzed for finding out any threats impending within the operations of the organization
about the risks in information technology for the organization. This would be done in several
processes by finding out the rationale for the risk assessment process and identification and
discussion of the key threats. Furthermore the mitigation of the key threads would be
identified followed by the impact on the organization and the stakeholders associated with it.
2COMPREHENSIVE AND TECHNICAL RISK ANALYSIS
Table of Contents
Introduction................................................................................................................................3
Background of the organization and its systems and operations...........................................3
Goals and various key terms used in risk management and assessment of IT risk in
business terms........................................................................................................................4
Identification and discussion of the key threats.....................................................................4
Approaches for mitigating security risk and impact of the mitigation processes on the
organization............................................................................................................................6
Rationale for further analysis.................................................................................................8
Conclusion..................................................................................................................................8
References..................................................................................................................................9
Table of Contents
Introduction................................................................................................................................3
Background of the organization and its systems and operations...........................................3
Goals and various key terms used in risk management and assessment of IT risk in
business terms........................................................................................................................4
Identification and discussion of the key threats.....................................................................4
Approaches for mitigating security risk and impact of the mitigation processes on the
organization............................................................................................................................6
Rationale for further analysis.................................................................................................8
Conclusion..................................................................................................................................8
References..................................................................................................................................9
3COMPREHENSIVE AND TECHNICAL RISK ANALYSIS
Introduction
A technical risk assessment procedure follows a Framework for every organization to
handle a wide range of complex process and project to make sure that the risk arising in all
the projects are assessed and handled feasibly. In this case, a small scale IT Company has
implemented a technological environment and needs to conduct a technical risk analysis for
which they have hired a consultant. A management report needs to be constructed in this
regard to understand a clear statement of the technology project that is to be assessed and the
overview of the recommendation to the management for which the merit of the project is
based on for the risk assessment procedure. The entire risk assessment would be based on
assets, vulnerabilities, threats and consequences that would be derived from the IT control
framework. Along with that, the industry risk recommendations would also be specified for
the project along with the key threats and the process to mitigate the threats. The impact that
this mitigation process would have on the organization would also be described along with a
brief summary of the protection mechanism that would be employed within the organization
based on the people, culture and technology. In the end any further analysis of gaps and the
reason they would be done will also be explained in the risk assessment report.
Background of the organization and its systems and operations
The organization on which the risk assessment is to be completed is basically a small
scale software organization. This organization mostly deals with the working on innovative
software which plans to sell or provide services to the customers in near future. The
organization stores its codes and documentation in specific servers that can be accessible via
Internet. All the documentation and codes that are stored on servers are also public in nature.
Even though the organization is a small scale software company, they have a considerable
investment in this data corporation which is mainly developed for corporate purposes.
Needless to say, the integrity and confidentiality of the data is thus extremely important.
There is a number of staff in this organization that is responsible for the management of the
server infrastructure although there are many people across the organization that has the idea
of the administrative passwords. This is done only because there is a lack of a full-time
administrator in the business right at this point of time and this is why people have the
knowledge about the administration password to make sure that anybody can work as a part-
Introduction
A technical risk assessment procedure follows a Framework for every organization to
handle a wide range of complex process and project to make sure that the risk arising in all
the projects are assessed and handled feasibly. In this case, a small scale IT Company has
implemented a technological environment and needs to conduct a technical risk analysis for
which they have hired a consultant. A management report needs to be constructed in this
regard to understand a clear statement of the technology project that is to be assessed and the
overview of the recommendation to the management for which the merit of the project is
based on for the risk assessment procedure. The entire risk assessment would be based on
assets, vulnerabilities, threats and consequences that would be derived from the IT control
framework. Along with that, the industry risk recommendations would also be specified for
the project along with the key threats and the process to mitigate the threats. The impact that
this mitigation process would have on the organization would also be described along with a
brief summary of the protection mechanism that would be employed within the organization
based on the people, culture and technology. In the end any further analysis of gaps and the
reason they would be done will also be explained in the risk assessment report.
Background of the organization and its systems and operations
The organization on which the risk assessment is to be completed is basically a small
scale software organization. This organization mostly deals with the working on innovative
software which plans to sell or provide services to the customers in near future. The
organization stores its codes and documentation in specific servers that can be accessible via
Internet. All the documentation and codes that are stored on servers are also public in nature.
Even though the organization is a small scale software company, they have a considerable
investment in this data corporation which is mainly developed for corporate purposes.
Needless to say, the integrity and confidentiality of the data is thus extremely important.
There is a number of staff in this organization that is responsible for the management of the
server infrastructure although there are many people across the organization that has the idea
of the administrative passwords. This is done only because there is a lack of a full-time
administrator in the business right at this point of time and this is why people have the
knowledge about the administration password to make sure that anybody can work as a part-
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents